feat(client-codeartifact): This release introduces Package Origin Con…
…trols, a mechanism used to counteract Dependency Confusion attacks. Adds two new APIs, PutPackageOriginConfiguration and DescribePackage, and updates the ListPackage, DescribePackageVersion and ListPackageVersion APIs in support of the feature.
awstools committed Jul 14, 2022
1 parent 4881c96 commit ac9d765
Showing 10 changed files with 1,586 additions and 230 deletions.
10 changes: 10 additions & 0 deletions clients/client-codeartifact/README.md
Expand Up @@ -149,6 +149,11 @@ contains information about the requested domain.</p>
</li>
<li>
<p>
<code>DescribePackage</code>: Returns a <a href="https://docs.aws.amazon.com/codeartifact/latest/APIReference/API_PackageDescription.html">PackageDescription</a>
object that contains details about a package. </p>
</li>
<li>
<p>
<code>DescribePackageVersion</code>: Returns a <a href="https://docs.aws.amazon.com/codeartifact/latest/APIReference/API_PackageVersionDescription.html">PackageVersionDescription</a>
object that contains details about a package version. </p>
</li>
Expand Down Expand Up @@ -256,6 +261,11 @@ package in a repository.</p>
</li>
<li>
<p>
<code>PutPackageOriginConfiguration</code>: Sets the package origin configuration for a package, which determine
how new versions of the package can be added to a specific repository.</p>
</li>
<li>
<p>
<code>PutRepositoryPermissionsPolicy</code>: Sets the resource policy on a repository
that specifies permissions to access it. </p>
</li>
98 changes: 97 additions & 1 deletion clients/client-codeartifact/src/Codeartifact.ts
Expand Up @@ -52,6 +52,11 @@ import {
DescribeDomainCommandInput,
DescribeDomainCommandOutput,
} from "./commands/DescribeDomainCommand";
import {
DescribePackageCommand,
DescribePackageCommandInput,
DescribePackageCommandOutput,
} from "./commands/DescribePackageCommand";
import {
DescribePackageVersionCommand,
DescribePackageVersionCommandInput,
Expand Down Expand Up @@ -143,6 +148,11 @@ import {
PutDomainPermissionsPolicyCommandInput,
PutDomainPermissionsPolicyCommandOutput,
} from "./commands/PutDomainPermissionsPolicyCommand";
import {
PutPackageOriginConfigurationCommand,
PutPackageOriginConfigurationCommandInput,
PutPackageOriginConfigurationCommandOutput,
} from "./commands/PutPackageOriginConfigurationCommand";
import {
PutRepositoryPermissionsPolicyCommand,
PutRepositoryPermissionsPolicyCommandInput,
Expand Down Expand Up @@ -306,6 +316,11 @@ import {
* </li>
* <li>
* <p>
* <code>DescribePackage</code>: Returns a <a href="https://docs.aws.amazon.com/codeartifact/latest/APIReference/API_PackageDescription.html">PackageDescription</a>
* object that contains details about a package. </p>
* </li>
* <li>
* <p>
* <code>DescribePackageVersion</code>: Returns a <a href="https://docs.aws.amazon.com/codeartifact/latest/APIReference/API_PackageVersionDescription.html">PackageVersionDescription</a>
* object that contains details about a package version. </p>
* </li>
Expand Down Expand Up @@ -413,6 +428,11 @@ import {
* </li>
* <li>
* <p>
* <code>PutPackageOriginConfiguration</code>: Sets the package origin configuration for a package, which determine
* how new versions of the package can be added to a specific repository.</p>
* </li>
* <li>
* <p>
* <code>PutRepositoryPermissionsPolicy</code>: Sets the resource policy on a repository
* that specifies permissions to access it. </p>
* </li>
Expand Down Expand Up @@ -788,6 +808,40 @@ export class Codeartifact extends CodeartifactClient {
}
}

/**
* <p> Returns a
* <a href="https://docs.aws.amazon.com/codeartifact/latest/APIReference/API_PackageDescription.html">PackageDescription</a>
* object that contains information about the requested package.</p>
*/
public describePackage(
args: DescribePackageCommandInput,
options?: __HttpHandlerOptions
): Promise<DescribePackageCommandOutput>;
public describePackage(
args: DescribePackageCommandInput,
cb: (err: any, data?: DescribePackageCommandOutput) => void
): void;
public describePackage(
args: DescribePackageCommandInput,
options: __HttpHandlerOptions,
cb: (err: any, data?: DescribePackageCommandOutput) => void
): void;
public describePackage(
args: DescribePackageCommandInput,
optionsOrCb?: __HttpHandlerOptions | ((err: any, data?: DescribePackageCommandOutput) => void),
cb?: (err: any, data?: DescribePackageCommandOutput) => void
): Promise<DescribePackageCommandOutput> | void {
const command = new DescribePackageCommand(args);
if (typeof optionsOrCb === "function") {
this.send(command, optionsOrCb);
} else if (typeof cb === "function") {
if (typeof optionsOrCb !== "object") throw new Error(`Expect http options but get ${typeof optionsOrCb}`);
this.send(command, optionsOrCb || {}, cb);
} else {
return this.send(command, optionsOrCb);
}
}

/**
* <p>
* Returns a
Expand Down Expand Up @@ -1069,7 +1123,9 @@ export class Codeartifact extends CodeartifactClient {

/**
* <p>
* Gets the readme file or descriptive text for a package version.
* Gets the readme file or descriptive text for a package version. For packages that do not contain a readme file, CodeArtifact
* extracts a description from a metadata file. For example, from the <code><description></code> element in the
* <code>pom.xml</code> file of a Maven package.
* </p>
* <p>
* The returned text might contain formatting. For example, it might contain formatting for Markdown or reStructuredText.
Expand Down Expand Up @@ -1511,6 +1567,46 @@ export class Codeartifact extends CodeartifactClient {
}
}

/**
* <p>Sets the package origin configuration for a package.</p>
* <p>The package origin configuration determines how new versions of a package can be added to a repository. You can allow or block direct
* publishing of new package versions, or ingestion and retaining of new package versions from an external connection or upstream source.
* For more information about package origin controls and configuration, see <a href="https://docs.aws.amazon.com/codeartifact/latest/ug/package-origin-controls.html">Editing package origin controls</a> in the <i>CodeArtifact User Guide</i>.</p>
* <p>
* <code>PutPackageOriginConfiguration</code> can be called on a package that doesn't yet exist in the repository. When called
* on a package that does not exist, a package is created in the repository with no versions and the requested restrictions are set on the package.
* This can be used to preemptively block ingesting or retaining any versions from external connections or upstream repositories, or to block
* publishing any versions of the package into the repository before connecting any package managers or publishers to the repository.</p>
*/
public putPackageOriginConfiguration(
args: PutPackageOriginConfigurationCommandInput,
options?: __HttpHandlerOptions
): Promise<PutPackageOriginConfigurationCommandOutput>;
public putPackageOriginConfiguration(
args: PutPackageOriginConfigurationCommandInput,
cb: (err: any, data?: PutPackageOriginConfigurationCommandOutput) => void
): void;
public putPackageOriginConfiguration(
args: PutPackageOriginConfigurationCommandInput,
options: __HttpHandlerOptions,
cb: (err: any, data?: PutPackageOriginConfigurationCommandOutput) => void
): void;
public putPackageOriginConfiguration(
args: PutPackageOriginConfigurationCommandInput,
optionsOrCb?: __HttpHandlerOptions | ((err: any, data?: PutPackageOriginConfigurationCommandOutput) => void),
cb?: (err: any, data?: PutPackageOriginConfigurationCommandOutput) => void
): Promise<PutPackageOriginConfigurationCommandOutput> | void {
const command = new PutPackageOriginConfigurationCommand(args);
if (typeof optionsOrCb === "function") {
this.send(command, optionsOrCb);
} else if (typeof cb === "function") {
if (typeof optionsOrCb !== "object") throw new Error(`Expect http options but get ${typeof optionsOrCb}`);
this.send(command, optionsOrCb || {}, cb);
} else {
return this.send(command, optionsOrCb);
}
}

/**
* <p>
* Sets the resource policy on a repository that specifies permissions to access it.
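Review bot: In the callback overloads of `describePackage` and `putPackageOriginConfiguration`, the guard `typeof optionsOrCb !== "object"` throws synchronously when `options` is `undefined`, while the next line's `optionsOrCb || {}` reads as if missing options were meant to default to `{}`; only `null` ever reaches that fallback. For `putPackageOriginConfiguration` this means a callback-style caller learns of the failure through an exception rather than through `err`, so code that checks only `err` to confirm the origin restriction was applied does not cover this path. If defaulting is the intent, the guard could be `if (optionsOrCb != null && typeof optionsOrCb !== "object") throw new Error(...)`. The methods appear to follow a pattern shared by the rest of the class (a sibling file in this commit is marked smithy-typescript generated), so the change probably belongs in the generator template rather than in this file.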
19 changes: 19 additions & 0 deletions clients/client-codeartifact/src/CodeartifactClient.ts
Expand Up @@ -78,6 +78,7 @@ import {
DeleteRepositoryPermissionsPolicyCommandOutput,
} from "./commands/DeleteRepositoryPermissionsPolicyCommand";
import { DescribeDomainCommandInput, DescribeDomainCommandOutput } from "./commands/DescribeDomainCommand";
import { DescribePackageCommandInput, DescribePackageCommandOutput } from "./commands/DescribePackageCommand";
import {
DescribePackageVersionCommandInput,
DescribePackageVersionCommandOutput,
Expand Down Expand Up @@ -142,6 +143,10 @@ import {
PutDomainPermissionsPolicyCommandInput,
PutDomainPermissionsPolicyCommandOutput,
} from "./commands/PutDomainPermissionsPolicyCommand";
import {
PutPackageOriginConfigurationCommandInput,
PutPackageOriginConfigurationCommandOutput,
} from "./commands/PutPackageOriginConfigurationCommand";
import {
PutRepositoryPermissionsPolicyCommandInput,
PutRepositoryPermissionsPolicyCommandOutput,
Expand All @@ -166,6 +171,7 @@ export type ServiceInputTypes =
| DeleteRepositoryCommandInput
| DeleteRepositoryPermissionsPolicyCommandInput
| DescribeDomainCommandInput
| DescribePackageCommandInput
| DescribePackageVersionCommandInput
| DescribeRepositoryCommandInput
| DisassociateExternalConnectionCommandInput
Expand All @@ -185,6 +191,7 @@ export type ServiceInputTypes =
| ListRepositoriesInDomainCommandInput
| ListTagsForResourceCommandInput
| PutDomainPermissionsPolicyCommandInput
| PutPackageOriginConfigurationCommandInput
| PutRepositoryPermissionsPolicyCommandInput
| TagResourceCommandInput
| UntagResourceCommandInput
Expand All @@ -202,6 +209,7 @@ export type ServiceOutputTypes =
| DeleteRepositoryCommandOutput
| DeleteRepositoryPermissionsPolicyCommandOutput
| DescribeDomainCommandOutput
| DescribePackageCommandOutput
| DescribePackageVersionCommandOutput
| DescribeRepositoryCommandOutput
| DisassociateExternalConnectionCommandOutput
Expand All @@ -221,6 +229,7 @@ export type ServiceOutputTypes =
| ListRepositoriesInDomainCommandOutput
| ListTagsForResourceCommandOutput
| PutDomainPermissionsPolicyCommandOutput
| PutPackageOriginConfigurationCommandOutput
| PutRepositoryPermissionsPolicyCommandOutput
| TagResourceCommandOutput
| UntagResourceCommandOutput
Expand Down Expand Up @@ -521,6 +530,11 @@ export interface CodeartifactClientResolvedConfig extends CodeartifactClientReso
* </li>
* <li>
* <p>
* <code>DescribePackage</code>: Returns a <a href="https://docs.aws.amazon.com/codeartifact/latest/APIReference/API_PackageDescription.html">PackageDescription</a>
* object that contains details about a package. </p>
* </li>
* <li>
* <p>
* <code>DescribePackageVersion</code>: Returns a <a href="https://docs.aws.amazon.com/codeartifact/latest/APIReference/API_PackageVersionDescription.html">PackageVersionDescription</a>
* object that contains details about a package version. </p>
* </li>
Expand Down Expand Up @@ -628,6 +642,11 @@ export interface CodeartifactClientResolvedConfig extends CodeartifactClientReso
* </li>
* <li>
* <p>
* <code>PutPackageOriginConfiguration</code>: Sets the package origin configuration for a package, which determine
* how new versions of the package can be added to a specific repository.</p>
* </li>
* <li>
* <p>
* <code>PutRepositoryPermissionsPolicy</code>: Sets the resource policy on a repository
* that specifies permissions to access it. </p>
* </li>
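Review bot: The new `PutPackageOriginConfiguration` entry in the client doc comment reads "which determine how new versions…"; the subject is the configuration, so it should be `which determines how new versions of the package can be added to a specific repository`. The same sentence is added to the class comment in Codeartifact.ts and to README.md in this commit. The wording looks like it is copied from the service model documentation, so the correction probably belongs there.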
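--- a/clients/client-codeartifact/src/commands/DescribePackageCommand.ts
+++ b/clients/client-codeartifact/src/commands/DescribePackageCommand.ts
@@ -0,0 +1,98 @@
+// smithy-typescript generated code
+import { getSerdePlugin } from "@aws-sdk/middleware-serde";
+import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@aws-sdk/protocol-http";
+import { Command as $Command } from "@aws-sdk/smithy-client";
+import {
+FinalizeHandlerArguments,
+Handler,
+HandlerExecutionContext,
+HttpHandlerOptions as __HttpHandlerOptions,
+MetadataBearer as __MetadataBearer,
+MiddlewareStack,
+SerdeContext as __SerdeContext,
+} from "@aws-sdk/types";
+
+import { CodeartifactClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../CodeartifactClient";
+import { DescribePackageRequest, DescribePackageResult } from "../models/models_0";
+import {
+deserializeAws_restJson1DescribePackageCommand,
+serializeAws_restJson1DescribePackageCommand,
+} from "../protocols/Aws_restJson1";
+
+export interface DescribePackageCommandInput extends DescribePackageRequest {}
+export interface DescribePackageCommandOutput extends DescribePackageResult, __MetadataBearer {}
+
+/**
+* <p> Returns a
+* <a href="https://docs.aws.amazon.com/codeartifact/latest/APIReference/API_PackageDescription.html">PackageDescription</a>
+* object that contains information about the requested package.</p>
+* @example
+* Use a bare-bones client and the command you need to make an API call.
+* ```javascript
+* import { CodeartifactClient, DescribePackageCommand } from "@aws-sdk/client-codeartifact"; // ES Modules import
+* // const { CodeartifactClient, DescribePackageCommand } = require("@aws-sdk/client-codeartifact"); // CommonJS import
+* const client = new CodeartifactClient(config);
+* const command = new DescribePackageCommand(input);
+* const response = await client.send(command);
+* ```
+*
+* @see {@link DescribePackageCommandInput} for command's `input` shape.
+* @see {@link DescribePackageCommandOutput} for command's `response` shape.
+* @see {@link CodeartifactClientResolvedConfig | config} for CodeartifactClient's `config` shape.
+*
+*/
+export class DescribePackageCommand extends $Command<
+DescribePackageCommandInput,
+DescribePackageCommandOutput,
+CodeartifactClientResolvedConfig
+> {
+// Start section: command_properties
+// End section: command_properties
+
+constructor(readonly input: DescribePackageCommandInput) {
+// Start section: command_constructor
+super();
+// End section: command_constructor
+}
+
+/**
+* @internal
+*/
+resolveMiddleware(
+clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>,
+configuration: CodeartifactClientResolvedConfig,
+options?: __HttpHandlerOptions
+): Handler<DescribePackageCommandInput, DescribePackageCommandOutput> {
+this.middlewareStack.use(getSerdePlugin(configuration, this.serialize, this.deserialize));
+
+const stack = clientStack.concat(this.middlewareStack);
+
+const { logger } = configuration;
+const clientName = "CodeartifactClient";
+const commandName = "DescribePackageCommand";
+const handlerExecutionContext: HandlerExecutionContext = {
+logger,
+clientName,
+commandName,
+inputFilterSensitiveLog: DescribePackageRequest.filterSensitiveLog,
+outputFilterSensitiveLog: DescribePackageResult.filterSensitiveLog,
+};
+const { requestHandler } = configuration;
+return stack.resolve(
+(request: FinalizeHandlerArguments<any>) =>
+requestHandler.handle(request.request as __HttpRequest, options || {}),
+handlerExecutionContext
+);
+}
+
+private serialize(input: DescribePackageCommandInput, context: __SerdeContext): Promise<__HttpRequest> {
+return serializeAws_restJson1DescribePackageCommand(input, context);
+}
+
+private deserialize(output: __HttpResponse, context: __SerdeContext): Promise<DescribePackageCommandOutput> {
+return deserializeAws_restJson1DescribePackageCommand(output, context);
+}
+
+// Start section: command_body_extra
+// End section: command_body_extra
+}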
Expand Up @@ -24,7 +24,9 @@ export interface GetPackageVersionReadmeCommandOutput extends GetPackageVersionR

/**
* <p>
* Gets the readme file or descriptive text for a package version.
* Gets the readme file or descriptive text for a package version. For packages that do not contain a readme file, CodeArtifact
* extracts a description from a metadata file. For example, from the <code><description></code> element in the
* <code>pom.xml</code> file of a Maven package.
* </p>
* <p>
* The returned text might contain formatting. For example, it might contain formatting for Markdown or reStructuredText.
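Review bot: The added sentence writes the Maven element name as `<code><description></code>` with raw angle brackets (the page shows them unescaped), so a documentation renderer that passes HTML through is likely to treat `<description>` as a tag and show an empty code span. Escaping it as `<code>&lt;description&gt;</code>` keeps the element name visible. The same sentence is added in Codeartifact.ts in the hunk `@@ -1069,7 +1123,9 @@`. The file header for this section is not shown on the page; the hunk context suggests it is the GetPackageVersionReadme command file.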
